Jeremy Allison [Thu, 6 Jan 2022 23:11:20 +0000 (15:11 -0800)]
tests: Add 2 tests for unique fileid's with top bit set (generated from itime) for files and directories.
smb2.fileid_unique.fileid_unique
smb2.fileid_unique.fileid_unique-dir
Create 100 files or directories as fast as we can
against a "normal" share, then read info on them
and ensure (a) top bit is set (generated from itime)
and (b) uniqueness across all generated objects
(checks poor timestamp resolution doesn't create
duplicate fileids).
This shows that even on ext4, this is enough to
cause duplicate fileids to be returned.
Add knownfail.d/fileid-unique
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14928
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Jeremy Allison [Wed, 17 Nov 2021 01:04:02 +0000 (17:04 -0800)]
s3: smbd: Remove now redundent lock_flav parameter from smbd_do_unlocking().
We already stored this in struct smbd_lock_element.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 6 16:03:28 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 17 Nov 2021 00:56:02 +0000 (16:56 -0800)]
s3: smbd: Remove lock_flav argument from smbd_smb1_brl_finish_by_lock().
We lookup the lock array from the state stored in the passed-in req
and all the locks in an array are always the same flavour, so this
isn't needed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 17 Nov 2021 00:48:58 +0000 (16:48 -0800)]
s3: smbd: Remove lock_flav argument from internal function smbd_smb1_do_locks_check()
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 17 Nov 2021 00:41:09 +0000 (16:41 -0800)]
s3: smbd: Remove lock_flav argument from smbd_smb1_do_locks_send().
And also inside struct smbd_smb1_do_locks_state.
All calls to this always (a) have one or more locks of the same type.
(the setup for smbd_smb1_do_locks_send() ensures there is always
at least one lock) and (b) always set locks[0].lock_flav correctly before calling.
lock_flav is thus a redundent argument. Removing it means
we can never drift out of sync with the lock_flav element
in the passed in locks array.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 17 Nov 2021 00:15:54 +0000 (16:15 -0800)]
s3: smbd: In smbd_smb1_do_locks_send() move access of lock_flav until after we know we have locks in the array.
When we remove the lock_flav parameter this will need to look into the array itself.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 16 Nov 2021 23:06:59 +0000 (15:06 -0800)]
s3: smbd: Remove lock_flav parameter from smbd_do_locks_try().
This is now contained in the struct smbd_lock_element for
each lock.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 16 Nov 2021 23:00:03 +0000 (15:00 -0800)]
s3: smbd: Move implicit call to lp_posix_cifsu_locktype() out of init_strict_lock_struct().
Make it explicit. When we add POSIX handles to SMB2 we will only
look at the handle type. lp_posix_cifsu_locktype() already does this,
but hidden inside init_strict_lock_struct() makes it hard to see.
No logic change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 16 Nov 2021 22:26:44 +0000 (14:26 -0800)]
s3: smbd: Add "enum brl_flavour" to struct smbd_lock_element.
Initialized correctly but not yet used.
Will allow 'brl_flavour' to be removed from lock calls.
This will allow SMB2 POSIX handles to call with POSIX_LOCK
flavour instead of always using WINDOWS_LOCK (as now).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 4 Jan 2022 00:52:25 +0000 (16:52 -0800)]
s3: smbclient: In do_host_query(), if we need SMB1, ensure we select NT1 as the client max protocol" before continuing.
Remove knownfail: selftest/knownfail.d/list_servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14939
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Jan 6 11:50:32 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 4 Jan 2022 00:48:17 +0000 (16:48 -0800)]
s3: selftest: Add two tests that show we try and send an SMB1 request over an SMB2 connection to list servers if "-mSMB3" is selected.
Add knownfail: knownfail.d/list_servers
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14939
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Volker Lendecke [Thu, 23 Dec 2021 12:24:27 +0000 (13:24 +0100)]
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 5 01:02:38 UTC 2022 on sn-devel-184
Volker Lendecke [Tue, 21 Dec 2021 11:54:56 +0000 (12:54 +0100)]
vfs: Modernize a DEBUG statement
Fix the function name printed
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 19 Dec 2021 10:02:46 +0000 (11:02 +0100)]
smbd: Modernize a DEBUG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 7 Oct 2021 12:52:47 +0000 (14:52 +0200)]
rpc_server3: Inline single-use rpcint_binding_handle_ex()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 10:20:17 +0000 (12:20 +0200)]
rpc_server3: Inline pipes_struct into dcerpc_ncacn_conn
This makes it clear that our internal representation of a rpc client
connection in the source3/ server is struct dcerpc_ncacn_conn and that
struct pipes_struct is only around for API compatibility with the
existing server stubs.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:16:21 +0000 (11:16 +0200)]
rpc_server3: Remove dcerpc_ncacn_conn->session_info
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
The talloc hierarchy is correctly maintained, dcesrv_endpoint_connect() takes a
talloc_reference() of session_info.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:16:21 +0000 (11:16 +0200)]
rpc_server3: Remove dcerpc_ncacn_conn->local_server_addr
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:16:21 +0000 (11:16 +0200)]
rpc_server3: Remove dcerpc_ncacn_conn->remote_client_addr
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:16:21 +0000 (11:16 +0200)]
rpc_server3: Remove dcerpc_ncacn_conn->tstream
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:16:21 +0000 (11:16 +0200)]
rpc_server3: Remove dcerpc_ncacn_conn->dce_ctx
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:16:21 +0000 (11:16 +0200)]
rpc_server3: Remove dcerpc_ncacn_conn->msg_ctx
This was only used inside rpc_worker_new_client(), a leftover from
times where accepting a client was an async process waiting for the
struct named_pipe_auth_req_info4.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:14:30 +0000 (11:14 +0200)]
rpc_server3: dcerpc_ncacn_conn->ev_ctx was only set but never used
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 1 Oct 2021 14:28:57 +0000 (16:28 +0200)]
winbind: Don't transfer a pointer that's NULL anyway
ncacn_conn was created by make_internal_ncacn_conn with talloc_zero(),
and that does not set session_info for the purely one-shot connection
state in winbindd_dual_ndrcmd().
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 6 Oct 2021 09:39:21 +0000 (11:39 +0200)]
rpc_server3: No linked list for pipes_struct anymore
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 11:50:02 +0000 (13:50 +0200)]
rpc_server3: Remove pipes_struct->auth
Replace with a call to dcesrv_call_auth_info(p->dce_call)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 11:40:02 +0000 (13:40 +0200)]
rpc_server3: Remove pipes_struct->session_info
This is a big patch, but all it does is replace all "p->session_info"
with "session_info" after introducing a local variable from
dcesrv_call_session_info(p->dce_call).
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 10:49:56 +0000 (12:49 +0200)]
rpc_server3: Remove pipes_struct->pipe_bound
Only used in pipe_access_check(), superseded by dcesrv_call_auth_info()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 10:37:30 +0000 (12:37 +0200)]
rpc_server3: Inline make_base_pipes_struct()
This did not even use all its arguments anymore.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 10:26:18 +0000 (12:26 +0200)]
rpc_server3: Remove pipes_struct->remote_address
Also available via dcesrv_connection_get_remote_address(p->dce_call->conn)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 10:19:57 +0000 (12:19 +0200)]
rpc_server3: Remove pipes_struct->local_address
Also available via dcesrv_connection_get_local_address(p->dce_call->conn)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 4 Oct 2021 10:03:55 +0000 (12:03 +0200)]
rpc_server3: Inline make_base_pipes_struct() into rpc_worker.c
This is the only user, and in winbind_dual_ndr.c's
make_internal_ncacn_conn we have another creator of pipes_struct. So
it seems not necessary to keep this public.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 28 Sep 2021 11:26:18 +0000 (13:26 +0200)]
rpc_server3: Inline make_internal_ncacn_conn() into rpc_worker.c
This was the only user, and as we have another custom version in
winbind with make_internal_ncacn_conn(), I think this is not really
required to keep around as a separate function.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 21 Dec 2021 16:12:55 +0000 (17:12 +0100)]
smbd: Avoid a DEBUGADD statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Tue, 12 Oct 2021 10:06:20 +0000 (12:06 +0200)]
Remove some unused code
I think that if we want to work on asn1 routines we should use
libtasn1. We already depend on this via gnutls these days.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 27 Dec 2021 10:25:34 +0000 (11:25 +0100)]
lib: Avoid a cast
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 24 Nov 2021 11:28:34 +0000 (12:28 +0100)]
smbd: Avoid some casts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Nov 2021 15:36:25 +0000 (16:36 +0100)]
smbd: Remove an unneeded anonymous struct declaration
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 26 Nov 2021 15:35:44 +0000 (16:35 +0100)]
smbd: Move fast_string_hash() to mangle_hash.c, the only user
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Nov 2021 15:52:41 +0000 (16:52 +0100)]
smbd: Fix a few typos
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 25 Nov 2021 14:37:00 +0000 (15:37 +0100)]
smbd: Save a few lines by using cp_smb_filename_nostream()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 17 Dec 2021 22:32:28 +0000 (23:32 +0100)]
auth/ntlmssp: make sure we return INVALID_PARAMETER for NTLMv2_RESPONSE parsing errors
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 4 20:57:41 UTC 2022 on sn-devel-184
Stefan Metzmacher [Fri, 17 Dec 2021 22:23:33 +0000 (23:23 +0100)]
s4:torture/smb2: add smb2.session.ntlmssp_bug14932 test
This demonstrates that an invalid av_pair in NTLMv2_CLIENT_CHALLENGE
should result in NT_STATUS_INVALID_PARAMETER at the NTLMSSP layer.
This is different from the netr_LogonSamLogon*() case, where it is
ignored instead.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 15 Dec 2021 16:25:06 +0000 (17:25 +0100)]
libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore invalid netapp requests
We should avoid spamming the logs with wellknown messages like:
ndr_pull_error(Buffer Size Error): Pull bytes 39016
They just confuse admins (and developers).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Wed, 15 Dec 2021 16:25:06 +0000 (17:25 +0100)]
libcli/auth: let NTLMv2_RESPONSE_verify_netlogon_creds ignore BUFFER_TOO_SMALL
Windows doesn't complain about invalid av_pair blobs,
we need to do the same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Fri, 17 Dec 2021 21:28:51 +0000 (22:28 +0100)]
s4:torture/rpc: add test for invalid av_pair content in LogonSamLogonEx
A netapp diag tool uses a NTLMv2_CLIENT_CHALLENGE with invalid bytes
as av_pair blob. Which is supposed to be ignored by DCs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Stefan Metzmacher [Sat, 18 Dec 2021 09:40:36 +0000 (10:40 +0100)]
auth/credentials: cli_credentials_set_ntlm_response() pass session_keys
Otherwise cli_credentials_get_ntlm_response() will return session keys
with a 0 length, which leads to errors in the NTLMSSP code.
This wasn't noticed as cli_credentials_set_ntlm_response() has no
callers yet, but that will change in the next commits.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14932
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
David Mulder [Mon, 3 Jan 2022 15:40:56 +0000 (08:40 -0700)]
Remove stray reference to "ldap ssl ads"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14462
"ldap ssl ads" has been deprecated and removed.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Isaac Boukris <iboukris@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 4 19:58:24 UTC 2022 on sn-devel-184
Stefan Metzmacher [Sat, 1 Jan 2022 00:31:01 +0000 (01:31 +0100)]
Happy New Year 2022!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 1 01:24:21 UTC 2022 on sn-devel-184
Volker Lendecke [Mon, 27 Dec 2021 10:17:22 +0000 (11:17 +0100)]
smbd: Assert we don't leak fd's in struct fd_handle
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Dec 30 11:54:17 UTC 2021 on sn-devel-184
Volker Lendecke [Tue, 28 Dec 2021 11:25:59 +0000 (12:25 +0100)]
smbd: Replace SMB_VFS_CLOSE() calls with fd_close()
fd_close() mostly wraps SMB_VFS_CLOSE() but also takes care of refcounting
fsp->fh properly and also makes sure that fsp->fh->fd is set to -1 after close.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 28 Dec 2021 17:42:00 +0000 (18:42 +0100)]
vfs_commit: Reset fsp->fd->fd to -1 after SMB_VFS_CLOSE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 28 Dec 2021 17:34:20 +0000 (18:34 +0100)]
pysmbd: Fix file descriptor leaks
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 28 Dec 2021 11:25:40 +0000 (12:25 +0100)]
smbd: Fix a fd leak when closing a print file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Stefan Metzmacher [Tue, 21 Dec 2021 10:19:40 +0000 (11:19 +0100)]
s3:libsmb: fix signing regression SMBC_server_internal()
commit
d0062d312cbbf80afd78143ca5c0be68f2d72b03 introduced
SMBC_ENCRYPTLEVEL_DEFAULT as default, but the logic to enforce
signing wasn't adjusted, so we required smb signing by default.
That broke guest authentication for libsmbclient using applications.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Dec 27 16:38:11 UTC 2021 on sn-devel-184
Stefan Metzmacher [Tue, 21 Dec 2021 11:05:13 +0000 (12:05 +0100)]
s4:selftest: run libsmbclient.noanon_list against maptoguest
This demonstrates the problem with guest access being rejected
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 21 Dec 2021 11:04:30 +0000 (12:04 +0100)]
s4:torture/libsmbclient: add libsmbclient.noanon_list test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Tue, 21 Dec 2021 13:39:25 +0000 (14:39 +0100)]
selftest/Samba3: enable SMB1 for maptoguest
guest authentication is an old school concept,
so we should make sure it also works with SMB1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14935
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Stefan Metzmacher [Thu, 23 Dec 2021 17:32:44 +0000 (18:32 +0100)]
s4:rpc_server/netlogon: adjust the valid_flags based on dsdb_dc_functional_level()
This allows us to let DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED through
based on the manual changed msDS-Behavior-Version of our NTDSA object.
We still need to have tests depending on the msDS-Behavior-Version
value if the DSGETDC_VALID_FLAGS is really correct at all.
But for now this allows us to test krb5 FAST from Windows clients.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Fri Dec 24 03:03:50 UTC 2021 on sn-devel-184
Joseph Sutton [Wed, 22 Dec 2021 01:41:50 +0000 (14:41 +1300)]
s4:rpc_server/netlogon: adjust the flags logic to MS-NRPC 3.5.4.3.1 DsrGetDcNameEx2
Note that this doesn't change the logic as we still reject
DS_DIRECTORY_SERVICE_{8,9,10}_REQUIRED via the initial DSGETDC_VALID_FLAGS
check. The may change that in future, but may need some tests for it.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Wed, 22 Dec 2021 01:51:08 +0000 (14:51 +1300)]
dsdb/netlogon: Indicate DC functional level support in samlogon response
The DS_SERVER_DS_8 flag is necessary for Windows to detect FAST support.
Note for know we only ever have DS_DOMAIN_FUNCTION_2008_R2 (4) in the
msDS-Behavior-Version attribute of our own NTDSA object. So
for now this is only for manual testing. In future we most likely
want to extend 'samba-tool domain level' to raise the dc level
manually or let 'samba' autoupgrade the value.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 23 Dec 2021 10:40:58 +0000 (11:40 +0100)]
dsdb/netlogon: make use of dsdb_dc_functional_level() in fill_netlogon_samlogon_response()
[MS-ADTS] 6.3.3.2 "Domain Controller Response to an LDAP Ping" indicates
that the resulting flags depend on the server software (behavior)
and not the domain wide functional level.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Wed, 22 Dec 2021 01:53:44 +0000 (14:53 +1300)]
dsgetdcname: Display new flags in debug output
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Joseph Sutton [Wed, 22 Dec 2021 21:57:50 +0000 (10:57 +1300)]
netlogon.idl: Add flags for indicating directory service versions
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Stefan Metzmacher [Thu, 23 Dec 2021 10:34:25 +0000 (11:34 +0100)]
s4:rpc_server/dnsserver: make use of dsdb_dc_functional_level()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Stefan Metzmacher [Thu, 23 Dec 2021 10:34:02 +0000 (11:34 +0100)]
dsdb/common: add dsdb_dc_functional_level() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Andreas Schneider [Thu, 16 Dec 2021 06:24:58 +0000 (07:24 +0100)]
python:tests: Don't require an emtpy 'authorization-data' to be present
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 20 17:01:11 UTC 2021 on sn-devel-184
Stefan Metzmacher [Mon, 20 Dec 2021 16:02:12 +0000 (17:02 +0100)]
Revert "python:tests: Don't require an emtpy 'authorization-data' to be present"
This reverts commit
36325f1ee907d38c978229da67de3844f969cd33.
This was not the latest version from:
https://gitlab.com/samba-team/samba/-/merge_requests/2304
The correct version follows...
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Anoop C S [Fri, 17 Dec 2021 10:11:25 +0000 (15:41 +0530)]
s3/rpc_server: Remove duplicate dependency listing for RPC_SERVICE
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Dec 20 10:14:53 UTC 2021 on sn-devel-184
Andreas Schneider [Thu, 16 Dec 2021 06:24:58 +0000 (07:24 +0100)]
python:tests: Don't require an emtpy 'authorization-data' to be present
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Dec 20 08:26:45 UTC 2021 on sn-devel-184
Jeremy Allison [Wed, 15 Dec 2021 18:41:39 +0000 (10:41 -0800)]
s3: smbd: In setup_close_full_information(), remove unneeded vfs_stat().
After openat_pathref_fsp() is successful we know we have a VALID_STAT().
It either returns NT_STATUS_OK or we look at the stat
struct for S_ISLNK so we know we have VALID_STAT().
If it's not successful we error out, so we don't need
another vfs_stat() here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 16 07:33:09 UTC 2021 on sn-devel-184
Günther Deschner [Wed, 17 Nov 2021 08:56:09 +0000 (09:56 +0100)]
pam_winbind: add new pwd_change_prompt option (defaults to off).
This change disables the prompt for the change of an expired password by
default (using the PAM_RADIO_TYPE mechanism if present).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8691
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 16 03:05:30 UTC 2021 on sn-devel-184
Andreas Schneider [Tue, 14 Dec 2021 15:27:17 +0000 (16:27 +0100)]
s3:winbind: Fix using normalized name in sam_name_to_sid()
name is never read again, we want lsa_name to be set.
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 15 20:22:47 UTC 2021 on sn-devel-184
Andreas Schneider [Tue, 14 Dec 2021 15:13:51 +0000 (16:13 +0100)]
lib:util: Initialize pid
Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Dec 2021 15:12:43 +0000 (16:12 +0100)]
lib:krb_wrap: Add missing error check in smb_krb5_salt_principal_str()
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Dec 2021 14:46:05 +0000 (15:46 +0100)]
s3:winbindd: Remove dead code from sam_rids_to_names()
domain_name is never NULL in this case. Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Dec 2021 14:42:06 +0000 (15:42 +0100)]
s4:dns_server: Remove less-than-zero comparison of an unsigned value
This will never be true. Found by covscan
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 14 Dec 2021 14:38:45 +0000 (15:38 +0100)]
ctdb:client: Initialize structs and pointers in ctdb_ctrl_(en|dis)able_node()
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 10 Dec 2021 14:10:39 +0000 (15:10 +0100)]
s3:libnet: Initialize struct ODJ_POLICY_DNS_DOMAIN_INFO
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 10 Dec 2021 14:06:03 +0000 (15:06 +0100)]
lib:util: Check return value of tdb_parse_record()
This makes covscan happy.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 10 Dec 2021 14:03:20 +0000 (15:03 +0100)]
s3:lib: Do not close fd = -1 on fail in netapi example
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Fri, 10 Dec 2021 13:56:08 +0000 (14:56 +0100)]
s3:lib: Fix memory leak in netapi examples
Found by covscan.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 14 Dec 2021 17:50:12 +0000 (09:50 -0800)]
s3: smbd: In call_trans2qfilepathinfo(), remove unneeded vfs_stat().
We know at this point that we have VALID_STAT(smb_fname->st).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 15 19:26:50 UTC 2021 on sn-devel-184
Jeremy Allison [Tue, 14 Dec 2021 17:46:51 +0000 (09:46 -0800)]
s3: smbd: In call_trans2qfilepathinfo(), we must have an existing object in the QPATHINFO case.
qpathinfo must operate on an existing file, so we
can exit early if filename_convert() returned the "new file"
NT_STATUS_OK, !VALID_STAT case.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 14 Dec 2021 00:54:07 +0000 (16:54 -0800)]
s3: smbd: Inside call_trans2setfilepathinfo(), for the TRANSACT2_SETPATHINFO case, we don't need to re-stat.
If we need a valid filesystem object, and we have a !VALID_STAT()
return from filename_convert(), the previous commit has already
errored out. We don't need a re-stat call here.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 14 Dec 2021 00:48:14 +0000 (16:48 -0800)]
s3: smbd: Inside call_trans2setfilepathinfo(), for the TRANSACT2_SETPATHINFO case, ensure we have a VALID_STAT return from filename_convert().
Remember, filename_convert() can return NT_STATUS_OK
with !VALID_STAT() if the last component doesn't exist,
as this may be an object create.
For call_trans2setfilepathinfo(), there are only 4 info levels
for the TRANSACT2_SETPATHINFO (pathname) case that don't require
an existing filesystem object (i.e. a VALID_STAT()) in the return
from filename_convert() as they can create an object in the
filesystem.
If we don't get a VALID_STAT() and the info level isn't one of
those 4, error out.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 22:19:35 +0000 (14:19 -0800)]
s3: smbd: call_trans2setfilepathinfo(), TRANSACT2_SETFILEINFO case, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 22:13:59 +0000 (14:13 -0800)]
s3: smbd: In call_trans2qfilepathinfo(), TRANSACT2_QPATHINFO, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 22:09:33 +0000 (14:09 -0800)]
s3: smbd: In call_trans2qfilepathinfo(), TRANSACT2_QPATHINFO on a named stream case, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 22:05:32 +0000 (14:05 -0800)]
s3: smbd: In call_trans2qfilepathinfo(), TRANSACT2_QFILEINFO case, use helper function vfs_stat().
This isn't a change in behavior, even though the
old comment says: "Always do lstat for UNIX calls".
A previous commit enforces POSIX pathname negotiation
before allowing UNIX info levels to be processed here,
so we can guarantee that SMB_FILENAME_POSIX_PATH is set
on smb_fname if we're allowing a UNIX info level.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Tue, 14 Dec 2021 00:08:14 +0000 (16:08 -0800)]
s3: smbd: In parent_dirname_compatible_open(), use helper function vfs_stat().
This is a change in behavior, but the old behavior was incorrect.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 22:02:51 +0000 (14:02 -0800)]
s3: smbd: In vfs_stat_smb_basename() use vfs_stat() helper function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 21:45:13 +0000 (13:45 -0800)]
s3: smbd: In smbd_smb2_getinfo_send(), use vfs_stat() utility function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Noel Power [Wed, 15 Dec 2021 15:55:02 +0000 (15:55 +0000)]
s3: smbd: In stat_cache_lookup(), remove unused posix_paths param.
Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 21:44:25 +0000 (13:44 -0800)]
s3: smbd: In stat_cache_lookup(), use vfs_stat() utility function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Noel Power [Wed, 15 Dec 2021 15:36:22 +0000 (15:36 +0000)]
s3: smbd: In setup_close_full_information() the posix_open parameter is not needed anymore.
Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 21:43:06 +0000 (13:43 -0800)]
s3: smbd: In setup_close_full_information() use vfs_stat() helper function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Mon, 13 Dec 2021 21:42:35 +0000 (13:42 -0800)]
s3: smbd: In check_parent_exists() use utility function vfs_stat().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Joseph Sutton [Tue, 14 Dec 2021 06:16:15 +0000 (19:16 +1300)]
tests/krb5: Add tests for AS-REQ to self with FAST
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Dec 15 04:33:11 UTC 2021 on sn-devel-184
Joseph Sutton [Tue, 14 Dec 2021 06:16:00 +0000 (19:16 +1300)]
tests/krb5: Correctly determine whether tickets are service tickets
Previously we expected tickets to contain a ticket checksum if the sname
was not the krbtgt. However, the ticket checksum should not be present
if we are performing an AS-REQ to our own account. Now we determine a
ticket is a service ticket only if the request is also a TGS-REQ.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>